
Trojan.w32.looksy Virus

Last week my computer was infected with the W.32.Looksy virus and I managed to get rid of most of the problem. However, I am still getting an alert from my anti-virus program that says Possible Virus Threat. Let me explain every step that I did to get rid of the virus so far and then hopefully I can get some help on how to get rid of it completely.

First, I downloaded SuperAntiSpyware and ran a complete scan. Then I deleted all possible threats. I also downloaded Smitfraudfix and ran a report of the infected files. After that I rebooted into safe mode and selected smitfraudfix.cmd. I hit 2 to delete the infected files and it also cleaned the registry. After this, I rebooted again into normal mode and it seemed like the problem was gone for the most part. However, I keep getting a popup from Fix It Utilities 7, which is my anti-virus program, that says "Potential threat detected, Name: TROJ_DLOADER.NVT, Infected File: C:\System Volume Information\_restore{A91E49FD-ED75-4E13-AC93-ECA8E2A..." This only pops up if I leave the computer idle for 5 minutes or more; otherwise it never appears. Does anyone have any suggestions? Please help so that I can get rid of this thing COMPLETELY. Thanks.


We need to purge your infected system restore points.

- On the Desktop, right-click My Computer, then click Properties.
- Click the System Restore tab near the top of the window.
- Check Turn off System Restore, click Apply, and then click OK.

More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.

- On the Desktop, right-click My Computer, then click Properties.
- Click the System Restore tab near the top of the window.
- Uncheck "Turn off System Restore", click Apply, and then click OK.

- Click Start | All Programs | Accessories | System Tools, and select System Restore.
- In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
- Type a description for your new restore point, something like "After trojan/spyware cleanup".
- Click Create, and after it has created the restore point, click "Close".

Further instructions on creating a restore point can be found here.


The System Volume Information Folder (SVI) is a part of System Restore - the feature that allows you to set points in time to roll back your computer to a clean working state. The System Volume Information folder is protected by permissions that allow only the system to have access and is hidden by default unless you have reconfigured Windows to show it.

Keep in mind that System Restore will back up the good as well as the bad files, so when malware is present on the system it gets included in any restore points. When you scan your system with anti-virus or anti-malware tools, you may receive a message that a virus was found in the System Volume Information folder (System Restore points) but the anti-virus software was unable to remove it. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you use an old restore point.
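The distinction described above, between a detection inside a restore point and one in a live file, can be checked mechanically. The following is an added example, not part of any post in this thread: it sorts anti-virus detections by path, assuming the Windows XP restore layout `_restore{GUID}\RPn\Annnnnnn.ext`; the function names, the GUID and the file names are constructed for illustration.

```python
import re
from collections import defaultdict

# Windows XP System Restore layout:
#   <drive>:\System Volume Information\_restore{GUID}\RPn\Annnnnnn.ext
PREFIX_RE = re.compile(r"^([A-Za-z]):\\System Volume Information\\_restore\{", re.I)
RP_RE = re.compile(r"\}\\(RP\d+)(?:\\|$)", re.I)

def classify(path):
    """Return (kind, drive, restore_point) for one detected file path."""
    path = path.strip().strip('"')
    prefix = PREFIX_RE.match(path)
    if not prefix:
        return ("live", None, None)
    rp = RP_RE.search(path)
    # Alert pop-ups often truncate the path, so the RPn folder may be missing.
    return ("restore_point", prefix.group(1).upper(),
            rp.group(1).upper() if rp else "unknown")

def triage(detections):
    """detections: iterable of (threat_name, infected_path) pairs."""
    live, archived = [], defaultdict(list)
    for name, path in detections:
        kind, drive, rp = classify(path)
        if kind == "live":
            live.append((name, path))
        else:
            archived[(drive, rp)].append(name)
    if live:
        action = "clean live files first, then purge restore points"
    elif archived:
        action = "purge restore points, then create a fresh one"
    else:
        action = "nothing to do"
    return {"live": live, "restore_points": dict(archived), "action": action}

# Constructed sample detections (GUID and file names are made up).
SVI = r"C:\System Volume Information\_restore{01234567-89AB-CDEF-0123-456789ABCDEF}"
SAMPLE = [
    ("TROJ_DLOADER.NVT", SVI + r"\RP12\A0001234.exe"),
    ("TROJ_DLOADER.NVT", SVI + r"\RP12\A0001240.dll"),
    ("TROJ_DLOADER.NVT", r"C:\System Volume Information\_restore{01234567-89AB..."),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["action"])
    for (drive, rp), names in result["restore_points"].items():
        print(drive, rp, names)
```

If any detection lands in the `live` list, purging restore points alone will not clear the alerts.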

I did exactly what you told me, rookie147, and I think the problem is resolved. Thanks a lot! I just have one other question. What exactly did the trojan.w32.looksy virus do to my computer? When it happened, I received the Windows security alerts and it said that my personal information was being hacked. Is that true?

Anyways, I appreciate the welcome quietman7 and again thanks for resolving my issue rookie147.

Smitfraud is a generic description for a family of rogue applications/trojans that uses misleading advertising, downloads rogue security products, changes (hijacks) the Windows Desktop and infects system files. The Trojan uses bogus security warnings and fake alerts to indicate that your computer is infected with spyware or has critical errors. It is responsible for downloading and installing programs that purport to scan for spyware and then uses false scan reports as a scare tactic to goad you into purchasing one of several rogue programs to fix it. Trojan.w32.looksy is just one of the more recent variants.

I had exactly the same problem as flyer 84 and took much the same route to clean the system up, including clearing the system restore, but I still have a persistent problem with a kind of pop up which attaches itself to the top of all my internet pages and says the following:

If you have an issue or problem you would like to discuss, please start your own topic account. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using.

Further, posting for assistance in someone else's topic is also known as "hijacking a thread", which is not considered proper forum etiquette.